rule-manager

Warn

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell commands including ls, find, mkdir, and cat to inspect the project directory and create or modify files. Specifically, SKILL.md and references/workflow.md detail scripts that write content to the filesystem using heredocs.
  • [DYNAMIC_EXECUTION]: The core functionality involves generating and writing instruction files (SKILL.md) at runtime based on user requests and predefined templates. This process assembles executable instructions for the AI agent, which is a form of dynamic content generation that can alter agent logic.
  • [INDIRECT_PROMPT_INJECTION]: The skill possesses a vulnerability surface where untrusted data from user requests or existing files is incorporated into new rules without explicit sanitization.
      ◦ Ingestion points: User-provided rule names, descriptions, and content are ingested in the 'Rule Addition' phase (SKILL.md). Existing rule files are read during the 'Structure Analysis' phase (references/workflow.md).
      ◦ Boundary markers: No explicit boundary markers or 'ignore' instructions are used when interpolating external data into generated files.
      ◦ Capability inventory: The skill has the capability to list directories (ls), find files (find), create directories (mkdir), and write file content (cat), as seen in the workflow documentation.
      ◦ Sanitization: The skill lacks logic to sanitize or escape user-provided strings before writing them into instruction files, potentially allowing malicious content to influence future agent interactions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 28, 2026, 08:21 PM